We are using Confluecence 4.3.1 and the process has stared to roll it out to our entire organisation.
We now have a request that external users will need a space to access information but we want to keep all our other spaces and information hidden from them.
We have had Confluence integrated with our AD for a couple of years now but with the rollout, staff are starting to complain that they have to log into Confluence even for simple things, like looking up HR polices. So I am looking to have a SSO/pass-through authenication setup so that users don't need to login again to the site aftre they have logged into their workstation.
Is this possible either by the confluence config, a plugin or will I need Crowd? If I need crowd, I have been told to look into the cost of licencing but from what I've read, Crowd is used when you are using multiple Atlassian products and want a single sign in for all of them. While we have other atlassian products in use such as JIRA and Bamboo, they are only for limited users, and are kept seperate from Confluence for now.
Is this sort of integration possible?
Crowd is only for Atlassian products so you will have two logins (first Windows, then Crowd).
I never tried to connect a Confluence to an IIS but as I understand authentication via ISS, it uses NTLM. NTLM is still supported but depricated and Microsofts Kerberos is the protocol of choice. And you need an IIS.
I recommend a Kerberos PlugIn for Confluence. Our developers have written plugins and we already realizied SSO/Kerberos solutions in bigger companys. These solutions are working fine.
If you are on Windows, you can try using integrated Windows Authentication via ISS.
Sharepoint Connector has the documentation for this. Will it help?
See the known issues before you proceed.
This would probably be a solution but we need to still have anonymous access as the external staff will not have domain logins. Also we don't use Sharepoint in our organisation, though it seems this merely uses a configuration connector and not need a Sharepoint setup. Am I wrong in that thinking?
From the sounds of it, Crowd is indeed the product for you to implement an SSO solution across your Atlassian applications, (and any other apps that conform to the OpenID format). As part of configuring Crowd, you can set different access parameters for each application so that only the intended users are able to access them and each application can have different access parameters.
Unfortunately though, SSO cannot be implemented just through the confluence config, and whilst there is a plugin for SSO I suspect that it will go beyond your requirements: https://marketplace.atlassian.com/plugins/com.appfusions.confluence.sso.confluence-sso-authenticator
Therefore I would recommend you investigate Crowd as a solution for this implementation.
All the best,
Do you use templates with Confluence? Take part in a remote 1-hr workshop. You'll receive USD $100 for your time! We're looking for people to participate in a remote 1-hr workshop...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs